Integrated investigation tool for a complete endpoint detection and response (EDR) add-on
for Trend Micro Worry-Free Services


Advanced malware can manifest itself in your enterprise networks, bypassing traditional security technology. It can change and spread through an
organization before executing and exploiting your intellectual property, or it can sit dormant until an opportunity presents itself to steal or ransom
data. Fortunately, Trend Micro™ Worry-Free™ Services uses XGen™ threat and malware protection, a blend of cross-generational threat protection
techniques, such as machine learning and behavioral analysis. Once a detection has been made, though, questions remain: What was the root cause?
How many endpoints did it spread to? Was it related to other detections picked up by the endpoint protection?




Trend Micro™ Worry-Free™ Services Endpoint Sensor gives insight into detections by allowing threat investigators to explore detections using EDR
investigation functionality.





KEY FEATURES 


Integrated workflow: Threat detection investigation is performed within the workflow and console of Worry-Free Services. No more moving from 
one console to another. 


Efficient endpoint recording: Endpoint Sensor records and stores information on system behaviors, communications and user behaviors. Metadata
on this information is sent to the Worry-Free Services server to allow investigators to “sweep” for indicators of compromise (IoCs).


Server-side IoC sweeping: The Worry-Free Services server only stores essential metadata of end user recorded data (or telemetry). This allows
investigators to perform multiple searches or “sweeps” of this data without having to query each endpoint individually. In addition, detailed root cause
investigations can be made on each endpoint directly.


Flexible searching: Investigators can search (or sweep) with multiple parameters. Searches can be made on parameters such as specific
communications, specific malware, registry activity, account activity, and running processes. Alternatively, investigators can search using industry-standard
OpenIOC rules.





Root cause analysis: Investigators can drill down on an interactive process tree that illustrates the full chain of attack to analyze how the 
detection arrived, changed, and spread by viewing activities, objects, and processes. Immediate response can be taken to terminate processes 
and to sweep further. 


Vendor intelligence and assistance: Layering in proactive global threat intelligence, the Trend Micro™ Smart Protection Network™ provides clarity
and assistance to threat investigators. Endpoint Sensor recognizes known good objects and processes as well as known bad objects and processes.
Investigators can view a colour-coded root cause analysis to identify risky or unknown processes and to guide remediation.


Immediate response options: Worry-Free Services already provides advanced automation to remediate detections. It can automatically isolate, 
quarantine, block executions, roll back settings (and files, in the case of ransomware), with the option to manually respond while performing an 
investigation by isolating endpoints. 


Advanced threat detection by virtual analyzer/cloud sandboxing: Cloud sandboxing provides dynamic analysis of potentially malicious attachments 
in a secure virtual environment, allowing automated submittal during the evaluation process to mitigate unknown threats, significantly decreasing the 
risk of infection. 


Cross-product detection and response (when added to Trend Micro™ Worry-Free™ Services Advanced): Combining Worry-Free Services Advanced
and Endpoint Sensor gives you detection and response capabilities beyond the endpoint. A single console with native integration to email
and endpoint allows automated data correlation across products.


DATASHEET » TREND MICRO WORRY-FREE™ SERVICES ENDPOINT SENSOR





HOW IT WORKS 


1. Endpoints with Worry-Free Services Endpoint Sensor enabled will record system behaviors, user 
behaviors, and communications. 


2. Metadata on the recorded information is sent to the Worry-Free Services server. 


3. When a detection is made with Worry-Free Services, investigators can search through the
metadata to perform an impact analysis of the detection and understand how far it has spread
and who else has been compromised.


4. A full root cause analysis allows investigators to understand the cause of the detection and 
immediately implement a response that includes remediating affected systems and updating 
Worry-Free Services to block similar attacks in the future. 

5. Alternately, before a detection, investigators can search their environment using various
parameters or with OpenIOC.


[Screenshot: "New Assessment" dialog. Fields: Name; Period (Last 7 days); Criteria (Custom criteria or OpenIOC File); Match ANY of the following; Add criteria. Host information criteria: Host (host name / IP address), User account, File name, File path.]








MINIMUM AGENT REQUIREMENTS 


Worry-Free Services Endpoint Sensor is available as an optional add-on to Worry-Free Services 
endpoint protection. Please refer to the system requirements for Worry-Free Services. 





Worry-Free Services Endpoint Sensor is supported on the following endpoints 
with Worry-Free Services: 


Windows:

* Windows 7 SP1 (6.1)
* Windows 8.1 (6.3)
* Windows 10 (10.0)

Hardware:

* 2 GB minimum RAM, 2 GB available disk space (3 GB recommended)

Protection Points


* Microsoft® Windows® 


Key Features 


* IoC sweeping
* Root cause analysis of detection
* Impact analysis of detection
* Instant response